5044 matches found

Positive Technologies
added 2024/09/20 12:0 a.m. · 4 views

PT-2024-32094 · Enms · Enms

Name of the Vulnerable Software and Affected Versions: eNMS versions up to 4.7.1 Description: The issue is a Directory Traversal vulnerability, which occurs via the download/folder path. Recommendations: For versions up to 4.7.1, consider restricting access to the download/folder path as a...

7.5 CVSS · 6.8 AI score · 0.00945 EPSS
Exploits: 1 · References: 8

Positive Technologies
added 2024/09/20 12:0 a.m. · 3 views

PT-2024-32093 · Enms · Enms

Name of the Vulnerable Software and Affected Versions: eNMS versions 4.4.0 through 4.7.1 Description: The issue is related to a Directory Traversal vulnerability in the scan folder feature. This vulnerability allows unauthorized access to sensitive files and directories. Recommendations: For eNMS...

7.5 CVSS · 6.7 AI score · 0.00867 EPSS
Exploits: 1 · References: 8

CNNVD
added 2024/09/20 12:0 a.m. · 3 views

eNMS Security Vulnerability

eNMS is a network automation platform from eNMS Open Source. A security vulnerability exists in eNMS versions 4.4.0 through 4.7.1, which stems from vulnerability to directory traversal attacks via scanfolder...

7.5 CVSS · 6.8 AI score · 0.00867 EPSS
Exploits: 1 · References: 2

CNNVD
added 2024/09/20 12:0 a.m. · 3 views

eNMS Security Vulnerability

eNMS is a network automation platform from eNMS Open Source. A security vulnerability exists in eNMS 4.7.1 and earlier versions, which stems from vulnerability to directory traversal attacks via download/folder...

7.5 CVSS · 6.7 AI score · 0.00945 EPSS
Exploits: 1 · References: 2

Cvelist
added 2024/09/20 12:0 a.m. · 12 views

CVE-2024-46648

eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scanfolder...

0.00867 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2024/09/20 12:0 a.m. · 12 views

CVE-2024-46649

eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder...

6.9 AI score · 0.00945 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/09/18 12:0 a.m. · 2 views

PT-2024-40173 · Unknown · Camaleon Cms

Name of the Vulnerable Software and Affected Versions: Camaleon CMS affected versions not specified Description: The issue concerns a path traversal vulnerability in the MediaController class. An attacker who has taken over an administrator account could potentially delete arbitrary files or...

8.6 CVSS · 7 AI score
Exploits: 0 · References: 5

VulnCheck KEV
added 2024/09/18 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2023-34598

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response...

9.8 CVSS · 5.8 AI score · 0.44858 EPSS
Exploits: 3 · References: 1

OSV
added 2024/09/17 7:28 p.m. · 0 views

GHSA-64VR-G452-QVP3 Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS

Summary: We discovered a DOM Clobbering vulnerability in Vite when building scripts to cjs/iife/umd output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements e.g., an img tag with an unsanitized name...

6.4 CVSS · 5.7 AI score · 0.00611 EPSS
Exploits: 0 · References: 12

Veeam
added 2024/09/16 12:0 a.m. · 58 views

How to Reset Account Lockout for 'Managed Hardened Repository ISO by Veeam'

Purpose This article documents how to unlock the accounts used with the Managed Hardened Repository ISO by Veeam, veeamsvc or vhradmin, when they become locked out. The Managed Hardened Repository ISO by Veeam deploys Rocky Linux with the DISA STIG security profile, which utilizes faillock to loc...

7 AI score
Exploits: 0 · Affected Software: 1

OSV
added 2024/09/11 2:15 p.m. · 2 views

CVE-2024-27115

An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution...

9.8 CVSS · 5.9 AI score · 0.0459 EPSS
Exploits: 0 · References: 1

CVE
added 2024/09/11 1:41 p.m. · 97 views

CVE-2024-27115

CVE-2024-27115 corresponds to an authenticated RCE in SOPlanning via PHP file upload. The nuclei template specifies exploitation of SOPlanning 1.52.01 through authenticated file upload, enabling an attacker to upload and execute PHP code. Remediation is to upgrade to a version newer than 1.52.01,...

10 CVSS · 9.9 AI score · 0.0459 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Veracode
added 2024/09/10 9:32 a.m. · 13 views

Arbitrary Code Execution

Apache Airflow is vulnerable to Arbitrary Code Execution. The vulnerability is due to DAG authors being able to add local settings to the DAG folder, which are then executed by the scheduler, allowing unintended code execution...

8.8 CVSS · 6.8 AI score · 0.01688 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

PyPA
added 2024/09/07 8:15 a.m. · 5 views

PYSEC-2024-212

Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later,...

8.8 CVSS · 7.2 AI score · 0.01688 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/09/06 12:0 a.m. · 3 views

PT-2024-31385 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.10.1 Description: The issue allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author...

8.8 CVSS · 7.2 AI score · 0.01688 EPSS
Exploits: 0 · References: 19

CVE
added 2024/09/04 12:35 p.m. · 54 views

CVE-2024-7834

The CVE-2024-7834 entry concerns Overwolf. Affected: Overwolf software (frames/SDK) that loads and executes certain DLLs from a user-writable folder during startup, running in SYSTEM context. Root cause: untrusted DLLs placed in the user-writable location are loaded on launch, enabling local priv...

7.8 CVSS · 7.9 AI score · 0.003 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/09/04 12:0 a.m. · 4 views

PT-2024-38613 · Overwolf · Overwolf

Name of the Vulnerable Software and Affected Versions: Overwolf affected versions not specified Description: A local privilege escalation issue is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an...

7.8 CVSS · 7.5 AI score · 0.003 EPSS
Exploits: 0 · References: 7

RedHat Linux
added 2024/09/03 2:32 a.m. · 1 views

node-tar: denial of service while parsing a tar file due to lack of folders depth validation

A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially...

6.5 CVSS · 7.4 AI score · 0.00929 EPSS
Exploits: 1 · References: 6

RedHat Linux
added 2024/09/03 2:29 a.m. · 0 views

node-tar: denial of service while parsing a tar file due to lack of folders depth validation

A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially...

6.5 CVSS · 7.4 AI score · 0.00929 EPSS
Exploits: 1 · References: 6

Cvelist
added 2024/09/03 12:0 a.m. · 13 views

CVE-2024-38456

HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain an insecure file and folder permissions vulnerability in prunsrv.exe. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the...

0.00243 EPSS
Exploits: 0 · References: 3